Listing of the Claims 



1 . (previously presented) An integrated intrusion detection method comprising: 
gathering information from a plurality of different types of intrusion detection 

sensors; 

processing said information, wherein said processing provides a consolidated 
correlation of said information; 

assigning a severity to said information based on an enterprise wide security 

policy; 

assigning a response corresponding to said information and corresponding to said 
severity; and 

implementing said response according to said severity. 

2. (original) An integrated intrusion detection method of Claim 1 wherein said 
information includes intrusion detection alerts. 

3. (original) An integrated intrusion detection method of Claim 2 further comprising 
centrally tracking information associated with intrusion detection alerts from said 
plurality of different types of intrusion detection sensors. 

4. (original) An integrated intrusion detection method of Claim 3 wherein said 
tracking information associated with intrusion detection includes assigning severity 
assignments standardized across said plurality of different types of intrusion detection 
sensors. 

5. (original) An integrated intrusion detection method of Claim 2 wherein said 
intrusion detection alerts are correlated based upon various alert attributes. 

6. (original) An integrated intrusion detection method of Claim 2 wherein said 
response conforms to an enterprise wide strategy. 
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7. (previously presented) An integrated intrusion detection method of Claim 1 
further comprising managing said intrusion detection sensors. 

8. (previously presented) A computer usable storage medium having computer 
readable program code embodied therein for causing a computer system to implement 
intrusion detection instructions comprising: 

a data collection module for receiving information from a plurality of different 
types of intrusion detection sensors, wherein said information indicates potential security 
issues; 

an information severity determination module for assigning a severity to said 
information based on an enterprise wide security policy; 

an integration module for integrating said information in a network application 
management platform; 

a reaction determination module for determining appropriate response to 
indication of said potential security issues according to said severity; and 

a reaction direction module for directing said response according to said severity. 

9. (original) A computer usable storage medium of Claim 8 wherein said 
information includes intrusion detection system alert data. 

10. (previously presented) A computer usable storage medium of Claim 8 wherein 
said integration module selects a hook in an intrusion detection system. 

1 1 . (previously presented) A computer usable storage medium of Claim 8 wherein 
said data collection module logs alerts from said plurality of different types of intrusion 
detection sensors. 

12. (original) A computer usable storage medium of Claim 8 wherein said alerts are 
provided by a simple network management protocol (SNMP), a system log and an 
application program interface. 
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13. (original) A computer usable storage medium of Claim 8 wherein said integration 
module includes analyzing a plurality of manners in which an alert can be provided and 
selecting the manner that is the most secure with the least dependencies in a 
communication path. 

14. (original) A computer usable storage medium of Claim 8 wherein said integration 
module utilizes a network application management platform to log information. 

15. A computer usable storage medium of Claim 14 wherein: 

an open view operation simple network management protocol trap is utilized to 

handle simple network management protocol trap based alerts; 

an open view operation log file encapsulator handles system log based alerts; and 
an open view message interceptor handles application program interface 

propagated alerts with the help of an operation message mechanism. 

16. (original) A computer usable medium of Claim 14 wherein a secure open view 
template configuration is utilized to log information and the one message group is 
configured for handling intrusion detection system alerts and another message group is 
configured for handling intrusion detection system errors. 

17-20 (cancelled) 
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